Safari 3.1.1 brings security fixes to Mac, Windows users

Apple issued an update to Safari this afternoon that improves stability and …

Apple posted a minor update to Safari this afternoon for Leopard, Tiger, Windows XP, and Windows Vista users. Safari 3.1.1 is, as always, recommended for all users and "includes improvements to stability, compatibility and security," according to Apple.

The security fixes are the only parts that Apple has spelled out, but they address issues on both the Mac and Windows. Two of the issues only affect Windows XP and Windows Vista machines—one of which fixes a memory corruption issue in Safari's downloader that could allow a hacker to execute arbitrary code or terminate the application remotely. The second addresses a bug that can be used for phishing and identity theft by changing the contents of the address bar without loading the contents of the page. As it turns out, Apple fixed this issue in the Safari 3.0.2 beta, but accidentally reintroduced it with Safari 3.1.

The other two security bugs affect Mac users of the Tiger and Leopard variety in addition to Windows XP and Vista. One addresses a URL handling issue related to colons in hostnames that could have been used to launch a cross-site scripting attack, and the other patches a heap buffer overflow in WebKit's handling of regular expressions in JavaScript (pretend like I inserted a hilarious regular expressions joke here. I'm tired). Again, the problem eventually leads to arbitrary code execution or termination. This issue is the one that researcher Charlie Miller used to exploit the MacBook Air at CanSecWest, which netted him a prize of $10,000, and Apple credits him for the find.

The 39MB update is available through Software Update or Apple's website, so get to updatin' (and for some of us, rebootin')!